In its latest blog post, Google’s Project Zero team has raised concerns about the security of eighteen mobile phones that use Exynos processors. These vulnerabilities can potentially be exploited by remote attackers through Wi-Fi and Voice-over-LTE (VoLTE) calls.
The team has classified the threats into four cases where an attacker can gain access to the device’s modem simply by knowing the victim’s phone number, and fourteen cases where the procedure is more complex, requiring local device access or mobile carrier system access.
The team has recommended that device owners should install upcoming security updates as soon as possible to mitigate the risks.
However, the release of these updates is at the discretion of individual device manufacturers. In the meantime, device owners can reduce their exposure by disabling Wi-Fi calling and VoLTE features in their device settings.
- Samsung Galaxy S22, M33, M13, M12, A71, A53, A33, A21s, A13, A12 and A04 phones
- Vivo phones from the S16, S15, S6, X70, X60 and X30 series
- Google’s Pixel 6 and Pixel 7 phones
- All vehicles with Exynos Auto T5123 chipset
Among the affected devices are some Samsung and Google phones, for which the issue has likely been addressed in the January or February patch, assuming users have responsibly installed it. The situation may be more challenging for Vivo phone users.
Mobile phone security has become increasingly crucial in today’s connected world. Google’s Project Zero team plays a crucial role in identifying vulnerabilities and addressing them before they can be exploited.
By highlighting these potential security risks, the team hopes to create awareness among device manufacturers and users, and encourage prompt and responsible action to mitigate the risks.